ADMINISTRATOR DEFINES 
DEVICE TO BE ENROLLED AS 
USER OF CLEARINGHOUSE 
SERVICES 



ISSUE COMMANDS AT 
DEVICE TO COMPLETE 
ENROLLMENT REQUEST 



DEVICE SENDS ENROLLMENT 
REQUEST TO 
CLEARINGHOUSE SERVER 



CREATE PUBLIC KEY 
CERTIFICATE AT 
CLEARINGHOUSE SERVER 
AND SEND CERTIFICATE TO 
DEVICE 
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OBTAIN DEVICE 
INFORMATION AND BUILD 
CONFIGURATION FILE FOR 
DEVICE AT CLEARINGHOUSE 
SERVER 
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DEVICE OBTAINS IDENTITY 
OF CLEARINGHOUSE 
SERVER 
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DEVICE OBTAINS CA 
CERTIFICATE FROM 
CLEARINGHOUSE SERVER 
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TERMINATE 
ENROLLMENT 
REQUEST 



DEVICE GENERATES PUBLIC/ 
PRIVATE KEY PAIR AND 
SENDS ENROLLMENT 
REQUEST WITH PUBLIC KEY 
TO CLEARINGHOUSE 
SERVER 
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Fig. 3B 



